Red Hat reports ‘Dirty Cow’ Linux kernel bug

Red Hat has reported a serious bug in Linux kernel. Oddly named Dirty Cow, the issue was detected and fixed by Linux Creator Linus Torvalds element years ago, but its fix was undone due to problems on s390 in other operation.

Dirty Cow bug is a race condition that mishandles copy-on-write (COW) operation of private read-only memory mappings in Linux kernel memory. An attacker can leverage this condition to write read-only memory mappings and even increase their privileges on a system. Race conditions are quite common on the open source platform, though fixing them takes time sometimes.

The bug was hard to detect problems on s390 but since virtual machine (VM) has become more scalable, triggering any specific race conditions has become much easier. In an official post on the kernel website, Torvalds announced that introducing new internal FLOW_COW flag to mark “yes, we already did a COW”.

“To fix it, we introduce a new internal FOLL_COW flag to mark the ‘yes, we already did a COW’ rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid,” Torvalds wrote in the post.

According to Linux security researcher Phil Oester, who discovered the exploit, the bug is trivial to execute, but it has been around for years. The attack does not leave any system logs which makes it difficult to trace.

Experts consider that Dirty Cow bug has not affected all Linux distributions. But still, it is recommended to patch the system with available updates.